On Mon, Aug 20, 2001 at 10:07:19PM -0500, Jeff Bachtel wrote:
> > > 2) Modify OpenBSD's quota code to recognize a quota.directory
> > > directive, which specifies hard/soft limits and gracetime for a
> > > directory. This is actually kinda nasty to think about.
> > yeah, but better than a thousand per-application-quota implementations,
> > isn't it?
> I'm not convinced that it is. It depends on whether you want your OS,
> which has minimal if any concern with virtual users (in its design, at
> least) to provide services for various virtualized apps. I'd actually
> prefer to see some sort of libvirtual used by applications to allow
> them to control their own resource use, while simplifying development.
Hmm. I don't think this solves the issues. I'm not sure wether per-directory
quotas are _the_ solution, though, but I don't have a better idea yet.
Let me throw two examples in discussion.
1: A cluster of qmail-ldap machines delivering to Maildirs on a central NFS
storage machine. The Maildir++ "standard" includes quota management (and it
works really fine). On the NFS storage machine you usually have something like
/mailstore/$user/Maildir/{new,cur,tmp}
Each new mail is one file in new/, the Maildir++ standard makes sure there
is no filename conflict, and Maildirs are designed to live on NFS shares.
But due to the concurrent deliveries that may (and on bigger setups will)
happen there is no way to ensure the Maildir never gets bigger than the
quota allows. I don't see a real-world problem here as the margin isn't too
big, but... well, you know.
2: simple hosting, static html only. No need for system users per account
here. If you allow uploads via FTP you must have some kind of quota
management in the ftp daemon - quite annoying and fails if you ever
copy/delete some files in another way (shell). If you throw a second upload
possibility in, for example these f**** frontpage extensions, you lost. Or
webdav as another poster. As you usually have a directory structure like
/var/www/$user/ or something likely a per-directory-quota would solve this
issue, too.
> Then again, with system authentication modules that can authenticate
> against a mysql table, it could be argued that I'm hopelessly
> backwards in my thinking ;)
the target in virtual user setups is _not_ to have system users at all,
neither through the classic pwd.db/passwd nor through some auth module...
--
* Henning Brauer, hostmaster_(_at_)_bsws_(_dot_)_de, http://www.bsws.de *
* Roedingsmarkt 14, 20459 Hamburg, Germany *
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)